New Phishing Texts Utilizing QR Codes to Target Traffic Violation Scams

Scammers Targeting Drivers with Fake Traffic Violation Text Messages

Recently, scammers have been sending deceptive text messages to individuals across the United States, posing as state courts and pressuring recipients to scan QR codes. These QR codes lead to phishing websites that aim to steal personal and financial information from unsuspecting victims.

This new scam is a variation of previous toll violation and unpaid parking ticket schemes that were prevalent in 2025, which falsely claimed to be from state toll agencies.

Reports of this new campaign surfaced a few weeks ago when a text message targeting New York residents was shared with BleepingComputer. Similar texts have since been reported for other states such as California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey.

Unlike previous scams that included links to phishing websites, this new tactic involves sending an image of a fake court notice with an embedded QR code.

The fake court notice warns recipients about an outstanding traffic violation concerning their registered vehicle in the State of New York, claiming that the matter has escalated to the formal enforcement stage.

The fraudulent text messages claim to be from the “Criminal Court of the City of New York,” alleging unpaid parking or toll violations that must be settled immediately or require a court appearance. Recipients are instructed to scan a QR code to resolve the purported unpaid balances.

Scanning the QR code redirects individuals to an intermediary site that first presents a CAPTCHA to verify human interaction. This tactic is employed to thwart automated security software and researchers from analyzing the phishing campaign.

Solving the CAPTCHA leads to another phishing site impersonating state agencies like the DMV, demanding payment for alleged toll or parking violations, typically amounting to $6.99.

For instance, phishing websites mimicking the New York DMV use hostnames like “ny.gov-skd[.]org” or “ny.ofkhv[.]life”.

Entering personal and credit card information on the phishing site enables cybercriminals to collect data such as names, addresses, phone numbers, email addresses, and credit card details, which can be exploited for various malicious purposes.

It is crucial to exercise caution when receiving text messages from unfamiliar numbers or email addresses requesting payment, as state agencies have repeatedly emphasized that they do not solicit personal or payment information via text.

Beware of Phishing Scams

Phishing scams continue to evolve, with scammers employing new tactics to deceive individuals and steal their sensitive information. Stay vigilant and avoid clicking on suspicious links or providing personal details to unknown sources.

Avoid falling victim to cyber threats with automated pentesting and comprehensive security controls. Download our whitepaper to uncover essential insights and enhance your cybersecurity defenses.

Get Your Copy Now